# File: Dockerfile
FROM python:3.8-slim-buster

# Intentionally using old versions of packages with known vulnerabilities
RUN apt-get update && apt-get install -y \
    openssl \
    curl \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Copy application files
COPY app.py .
COPY requirements.txt .

# Install Python dependencies
RUN pip install -r requirements.txt

# Create a non-root user but don't use it (vulnerability)
RUN useradd -m appuser

# Expose port
EXPOSE 5000

# Run as root (vulnerability)
CMD ["python", "app.py"]
